Privacy Policy

Last Updated: December 10, 2025
Effective Date: December 10, 2025

1. Introduction

Welcome to ezSign. We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at www.ezsign.digital and app.ezsign.digital (the "Service").

Please read this Privacy Policy carefully. By using ezSign, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Who We Are

Service Name: ezSign
Service Description: SaaS platform for film and television production talent management
Legal Entity: Cloud WiFi Limited (UK) / Wigglewifi (Pty) Ltd (licensed operator in South Africa)
Registration: United Kingdom (primary) / South Africa (licensed operator)

Website: www.ezsign.digital
Contact: [email protected]

Data Protection Officer:
Email: [email protected]

3. Scope of This Policy

This Privacy Policy applies to:

  • Personal information collected through the ezSign platform
  • Information collected from website visitors
  • Information about account holders and authorized users
  • Information processed on behalf of our customers (production companies)

This policy does not apply to:

  • Third-party websites linked from our Service
  • Third-party services you integrate with ezSign
  • Information collected offline

4. Information We Collect

We collect information in three primary contexts:

4.1 Information You Provide Directly

Account Information:

  • Full name (first and last name)
  • Email address
  • Password (stored encrypted)
  • Preferred language
  • Country and timezone
  • Role (Accounts, Cast Coordinator, Agent)
  • Two-factor authentication settings

Subscriber/Production Information:

  • Production name and details
  • Subscriber email address
  • Billing address
  • Registration details (if provided)

Artiste Information (Uploaded by Agents):

  • Full name and personal details
  • Identification documents (ID, passport)
  • Home address and contact information
  • Bank account details for payment processing
  • Tax information
  • Profile photographs
  • Work eligibility documents
  • Emergency contact information

Payment Information:

  • Credit card details (processed and stored by Stripe, not by us)
  • Billing history
  • Subscription tier and status

Production and Content Information:

  • Production names and details
  • Client information
  • Talent personal data (names, ID numbers, contact details, payment information)
  • Chit records
  • Run lists
  • Terms and conditions documents
  • Digital signatures
  • Custom fields and categories

Communications:

  • Support requests and correspondence
  • Feedback and survey responses
  • Email communications

4.2 Information Collected Automatically

Usage Information:

  • Log data (IP address, browser type, device information)
  • Access times and pages viewed
  • Features used and actions taken
  • Session duration
  • Referring URLs

Technical Information:

  • Device identifiers
  • Operating system
  • Browser type and version
  • Screen resolution
  • Language preferences

Cookies and Tracking:

  • Essential cookies for authentication and security
  • Analytics cookies (with consent where required)
  • Preference cookies for language and settings

4.3 Information from Third Parties

Payment Processor (Stripe):

  • Payment confirmation
  • Subscription status
  • Transaction details

Authentication Services:

  • OAuth provider information (if implemented)

5. How We Use Your Information

5.1 Service Delivery

We use your information to:

  • Create and manage your account
  • Authenticate and authorise access
  • Process payments and subscriptions
  • Provide the core platform functionality
  • Generate chits and documents
  • Store and retrieve your content
  • Enable multi-user collaboration
  • Facilitate digital signatures

5.2 Communication

We use your information to:

  • Send transactional emails (account creation, password resets, invoices)
  • Provide customer support
  • Send system notifications and updates
  • Send Chits direct to Artistes email
  • Send Bulk chits mails to Artistes Agents
  • Notify you of important service changes
  • Respond to your inquiries

5.3 Service Improvement

We use aggregated, anonymized data to:

  • Analyze usage patterns
  • Improve platform features
  • Develop new functionality
  • Conduct research and analytics
  • Fix bugs and resolve issues

5.4 Legal and Security

We use your information to:

  • Comply with legal obligations
  • Enforce our Terms and Conditions
  • Prevent fraud and abuse
  • Protect security of the platform
  • Respond to legal requests
  • Establish, exercise, or defend legal claims

6. Legal Bases for Processing (POPIA/GDPR)

We process your personal information based on the following legal grounds:

Processing Purpose Legal Basis
Account management and service delivery Contract performance
Payment processing Contract performance
Customer support Contract performance and legitimate interests
Platform security and fraud prevention Legitimate interests
Legal compliance Legal obligation
Marketing communications Consent
Service improvements (anonymized data) Legitimate interests

7. Data Isolation and Multi-Tenancy

7.1 Agent and Production Data Silos

Your data is isolated from other customers:

  • Each subscriber's data is stored in logically separated database segments
  • Row-level security ensures data cannot be accessed across subscribers
  • Database queries enforce subscriber boundaries
  • Access controls prevent cross-customer data access

Agent Data Protection:

  • Agents can only access data for their own Artistes
  • Agents only see Artistes when booked on productions they service
  • Artiste personal information (ID, address, bank details) is protected with database-level encryption at rest and accessible only to the owning Agent
  • Productions cannot access Artiste sensitive data beyond what's needed for payroll
  • Agent silos ensure Artistes' privacy is maintained across different productions

7.2 What This Means for You

Data Privacy:

  • Your production data is never visible to other ezSign customers
  • Other customers cannot access your talent information, chits, or productions
  • Your content is isolated and secure within your production company silo

Data Sharing:

  • We never sell your personal information to third parties
  • We never share your production data with other customers
  • We never use your data for advertising or third-party marketing
  • We do not combine your data with other customers' data

Multi-Production Management:

  • Subscribers can manage multiple productions within their account
  • You control which users have access to which productions
  • Users can only see productions they are explicitly granted access to
  • Agents only access production data relevant to their represented Artistes

7.3 Shared vs. Isolated Data

Isolated (Never Shared Between Customers):

  • Production details
  • Talent information
  • Artiste personal data (ID, address, bank details)
  • Chits data
  • Run lists
  • Custom fields and settings
  • User-generated content
  • Agent-specific Artiste information

Aggregated Only (Anonymized for Service Improvement):

  • Usage statistics (anonymized)
  • Feature adoption metrics (anonymized)
  • Performance benchmarks (anonymized)

Never Aggregated:

  • Personal identifiable information
  • Production-specific data
  • Financial information
  • Proprietary business information

8. How We Share Your Information

8.1 Service Providers (Data Processors)

We engage third-party companies to perform services on our behalf:

Provider Service Data Shared Location Safeguards
Stripe Payment processing Name, email, payment details USA GDPR-compliant, PCI-DSS Level 1
AWS/Azure Cloud hosting All platform data (encrypted at rest with AES-256) Multi-region ISO 27001, SOC 2, DPA in place
SendGrid Email delivery Email addresses, message content USA GDPR-compliant, DPA in place

All service providers:

  • Are contractually obligated to protect your data
  • May only process data according to our instructions
  • Must implement appropriate security measures
  • Must notify us of any data breaches
  • May not use your data for their own purposes

8.2 Legal Requirements

We may disclose your information when required by law:

  • To comply with court orders or legal processes
  • To respond to lawful requests from public authorities
  • To enforce our Terms and Conditions
  • To protect our rights, privacy, safety, or property
  • To investigate fraud or security issues

8.3 Business Transfers

If ezSign is involved in a merger, acquisition, or asset sale:

  • Your information may be transferred to the new entity
  • We will notify you via email and/or prominent notice
  • You will have the opportunity to delete your account before transfer

8.4 Never Shared

We never share your information for:

  • Third-party advertising
  • Data brokering or selling
  • Marketing to other companies
  • Purposes unrelated to service delivery

9. International Data Transfers

9.1 Where Your Data is Processed

ezSign operates globally, and your data may be transferred to and processed in:

  • European Union - Ireland (primary data center - AWS eu-west-1)
  • United States (payment processing via Stripe)
  • Other countries where our service providers operate

All customer data is currently hosted in the AWS eu-west-1 (Ireland) region, ensuring GDPR compliance and data residency within the European Economic Area.

9.2 Transfer Safeguards

When transferring data outside the EEA (such as to US-based payment processors), we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs): EU-approved data transfer agreements with all processors
  • Data Processing Agreements (DPAs): Contractual obligations requiring GDPR compliance
  • Adequacy Decisions: Stripe operates under the EU-US Data Privacy Framework
  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)

9.3 Your Rights

You may:

  • Request information about where your data is stored (currently: AWS eu-west-1, Ireland)
  • Object to transfers that may affect your rights
  • Contact us to discuss data residency requirements

10. Data Security

10.1 Technical Security Measures

Encryption:

  • TLS 1.3 for all data in transit (HTTPS)
  • AES-256 database-level encryption for all data at rest (provided by hosting infrastructure)
  • Encrypted backups with separate encryption keys
  • All sensitive data protected by multiple layers of access controls and row-level security

Access Controls:

  • Multi-factor authentication (2FA) support
  • Role-based access control (RBAC)
  • Principle of least privilege
  • Session management and timeout

Infrastructure Security:

  • Regular security audits and penetration testing
  • Vulnerability scanning and patch management
  • Intrusion detection and prevention systems
  • DDoS protection
  • Secure development lifecycle
  • Code review and security testing

Database Security:

  • Row-level security
  • Parameterized queries to prevent SQL injection
  • Database activity monitoring
  • Regular backups with encryption
  • Geographic redundancy

10.2 Organizational Security Measures

Personnel:

  • Background checks for employees with data access
  • Confidentiality agreements with all staff
  • Regular security and privacy training
  • Access revocation upon termination
  • Incident response training

Policies and Procedures:

  • Data protection policies and procedures
  • Incident response plan
  • Disaster recovery plan
  • Business continuity plan
  • Vendor management program

Monitoring:

  • 24/7 security monitoring
  • Automated threat detection
  • Regular security assessments
  • Compliance audits
  • Penetration testing

10.3 Your Security Responsibilities

To keep your account secure:

  • Use a strong, unique password
  • Enable two-factor authentication
  • Keep your password confidential
  • Log out after using shared devices
  • Report suspicious activity immediately
  • Keep your contact information updated

11. Data Retention

11.1 Retention Periods

Data Type Retention Period Reason
Active Account Data Duration of subscription + 7 years Service delivery
Financial Records 7 years after last transaction Tax and legal compliance
Support Communications 3 years Customer service and quality
Audit Logs 12 months Security monitoring and compliance
Backups 30 days (rolling), then deleted Disaster recovery

11.2 Data Compression and Archival

Older Production Data:

  • PDFs, documents, and media files are compressed 6 months after a production's end date or subscription cancellation
  • Compressed data remains fully accessible and can be retrieved on demand
  • All chits and production records remain available for the full 7-year retention period
  • Compression reduces storage costs while maintaining legal compliance
  • No impact on data integrity or accessibility

11.3 Account Deletion

Cast Coordinators:

  • May delete their personal account at any time
  • Account deletion removes personal login and profile information
  • Associated production data and chits are retained for legal compliance (see below)

Agents:

  • May delete their account and all associated Artiste data
  • Upon deletion, all Artiste personal information (ID, address, bank details) is permanently removed, except those artistes which have been included on a Production salary voucher/chit
  • Production records and chits referencing those Artistes are retained for legal compliance
  • Chit records show Artiste name, ID, Tax Number & Cell Number - these are only accessible by the Artiste's agent and the production company authorised users

Production/Job Records Retention:

  • All production details, job records, and chits are retained for 7 years
  • Required for tax compliance, audit trails, and legal obligations
  • Includes chit amounts, dates, production names, and work performed
  • Personal identifying information of deleted Artistes is anonymized after account deletion

11.4 Data Access Before Deletion

Before deleting your account:

  • Review and download any documents you need from the platform
  • Contact [email protected] if you need assistance accessing specific records
  • Once deleted, personal account access cannot be restored

12. Your Privacy Rights

12.1 Rights Under POPIA and GDPR

You have the following rights regarding your personal information:

Right to Access

  • Request confirmation of what data we hold about you
  • Obtain a copy of your personal information
  • Receive information about how we process your data
  • How: Email [email protected] to exercise your privacy rights

Right to Rectification

  • Correct inaccurate information
  • Complete incomplete data
  • How: Update via Account Settings or contact support

Right to Erasure ("Right to be Forgotten")

  • Request deletion of your personal information
  • Limitations: We may retain data required for legal compliance
  • How: Email [email protected] to request account deletion

Right to Restriction

  • Limit how we process your data while disputes are resolved
  • How: Email [email protected] with details of your request

Our Response:

  • We will verify your identity before responding
  • Response within 30 days (may extend by 60 days for complex requests)
  • Free of charge (unless requests are manifestly unfounded or excessive)
  • Clear explanation if we refuse to act on a request

12.2 Right to Lodge a Complaint

If you believe we have not handled your data properly:

South Africa:

European Union:

  • Contact your local Data Protection Authority
  • Find your authority: https://edpb.europa.eu/about-edpb/board/members

We encourage you to contact us first so we can address your concerns directly.

13. Cookies and Tracking Technologies

13.1 What We Use

Essential Cookies (Always Active - No Consent Required):

  • Session authentication (NextAuth session token)
  • Security tokens (CSRF protection)
  • Language preferences
  • Authentication state

These essential cookies are necessary for the platform to function and do not require GDPR consent as they are strictly necessary for service delivery.

Analytics Cookies:

  • We do NOT use analytics cookies

We do NOT use:

  • Advertising cookies
  • Third-party tracking pixels
  • Cross-site tracking
  • Social media tracking
  • Marketing cookies

13.2 Cookie Control

You can control cookies through:

  • Browser Settings: Block or delete cookies

Note: Since we only use essential cookies required for the platform to function, disabling them will prevent you from using ezSign.

13.3 Do Not Track

We do not use tracking cookies or analytics, so Do Not Track (DNT) preferences do not apply to our service. We only use essential cookies required for authentication and security.

14. Children's Privacy

14.1 Age Restrictions

ezSign is not intended for individuals under 18 years of age:

  • We do not knowingly collect information from minors
  • Account creation requires confirmation of age 18+
  • Use by minors is prohibited by our Terms and Conditions

14.2 Parental Consent

If minors appear in production data (talent):

  • You (the customer) are responsible for obtaining parental/guardian consent
  • You must comply with applicable child labor and protection laws
  • We process such data only as your Data Processor

15. California Privacy Rights (CCPA)

15.1 Applicability

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA).

15.2 Information We Collect (CCPA Categories)

Category Examples Collected? Business Purpose
Identifiers Name, email, IP address Yes Account creation, authentication
Commercial Information Subscription history, purchases Yes Billing, service delivery
Internet Activity Usage logs, browsing history Yes Service improvement, security
Geolocation IP-based location Yes Timezone settings, compliance
Professional Information Job title, role Yes Access control, features
Sensitive Personal Information Passwords (encrypted) Yes Authentication

15.3 CCPA Rights

California residents may:

  • Know: Request details about data collected (twice per year, free)
  • Delete: Request deletion of personal information
  • Opt-Out: Object to sale of personal information (Note: We do not sell personal information)
  • Non-Discrimination: Not be discriminated against for exercising CCPA rights

15.4 Exercising CCPA Rights

Email: [email protected]
Online: Account Settings → Privacy Rights

Verification:

  • We will verify your identity using information we have on file
  • We may request additional information to verify requests

16. Changes to This Privacy Policy

16.1 Updates

We may update this Privacy Policy to reflect:

  • Changes in our practices
  • New features or services
  • Legal or regulatory requirements
  • User feedback

16.2 Notification

We will notify you of material changes via:

  • Email to your registered address (30 days before taking effect)
  • Prominent notice on the platform
  • Updated "Last Updated" date at the top of this policy

16.3 Continued Use

Continued use of ezSign after changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree, you may cancel your subscription.

17. Contact Information

17.1 Privacy Questions

For questions about this Privacy Policy or our privacy practices:

Email: [email protected]
Support: [email protected]
Website: www.ezsign.digital

17.2 Data Protection Officer

Email: [email protected]
Address: ezSign DPO, Johannesburg, South Africa

17.3 General Inquiries

Email: [email protected]
Website: www.ezsign.digital

18. Language

This Privacy Policy is provided in English. If translated versions conflict with the English version, the English version prevails.

19. Summary

Key Points:

  • We respect your privacy and protect your personal information
  • Your data is isolated - other customers cannot access it
  • We never sell your data to third parties
  • You control your information - access, correct or delete
  • We use strong security - encryption, access controls, monitoring
  • We're compliant - POPIA, GDPR, and other regulations
  • We're transparent - clear about what we collect and why
  • You have rights - exercise them easily through self-service or support

Questions? Contact [email protected] - we're here to help!

Document Version: 1.0
Last Reviewed: December 10, 2025
Next Review Date: December 10, 2026

Back to Home